CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 4 days ago•8 views

CVE-2026-54911

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...

6.5CVSS0.00287EPSS

OSV•added 4 days ago•2 views

UBUNTU-CVE-2026-54911

6.5CVSS5.8AI score0.00287EPSS

Exploits0References5

Cvelist•added 4 days ago•19 views

CVE-2026-54911 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

6.5CVSS0.00287EPSS

CVE•added 4 days ago•10 views

CVE-2026-54911

CVE-2026-54911 (UltraJSON) : The vulnerability affects UltraJSON (C core with Python bindings) where ujson.dumps()/dump()/encode() with reject_bytes=False may accept malformed or truncated UTF-8, silently rewriting to other Unicode characters instead of rejecting. This enables input validation by...

6.5CVSS5.9AI score0.00287EPSS

Github Security Blog•added last week•5 views

UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

Summary ujson.dumps or ujson.dump or ujson.encode have a rejectbytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass and data integrity...

6.5CVSS5.7AI score0.00287EPSS

Exploits0References4Affected Software1

OSV•added last week•4 views

GHSA-3J69-69WJ-XQX2 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

6.5CVSS5.7AI score0.00287EPSS

Exploits0References4

Positive Technologies•added 2026/06/19 12:0 a.m.•9 views

PT-2026-51093

Name of the Vulnerable Software and Affected Versions UltraJSON versions prior to 5.13.0 Description The functions ujson.dumps, ujson.dump, and ujson.encode contain an issue when the reject bytes variable is set to False. In this configuration, the software may accept malformed or truncated UTF-8...

6.5CVSS5.8AI score0.00287EPSS

Exploits0References6

RedhatCVE•added 2026/06/07 12:43 a.m.•13 views

CVE-2026-44660

A flaw was found in UltraJSON, a fast JSON encoder and decoder. When the ujson.dump function attempts to write data to a file-like object and an error occurs during this operation, the memory allocated for the serialized JSON string is not properly released. This continuous failure to deallocate...

8.7CVSS5AI score0.00421EPSS

Exploits1References6

Tenable Nessus•added 2026/06/01 12:0 a.m.•12 views

Linux Distros Unpatched Vulnerability : CVE-2026-44660

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and...

8.7CVSS5.5AI score0.00421EPSS

OSV•added 2026/05/27 9:16 p.m.•5 views

DEBIAN-CVE-2026-44660

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented, leaking memory. Each failed write operatio...

7.5CVSS5.8AI score0.00421EPSS

Exploits1References1

NVD•added 2026/05/27 9:16 p.m.•11 views

CVE-2026-44660

8.7CVSS0.00421EPSS

OSV•added 2026/05/27 9:16 p.m.•8 views

UBUNTU-CVE-2026-44660

ATTACKERKB•added 2026/05/27 8:42 p.m.•7 views

Exploits1References5

CVE-2026-44660

Exploits1References4Affected Software1

EUVD•added 2026/05/27 8:42 p.m.•8 views

EUVD-2026-32663

Vulnrichment•added 2026/05/27 8:42 p.m.•7 views

CVE-2026-44660 UltraJSON: Memory Leak in ujson.dump() on Write Failure

Cvelist•added 2026/05/27 8:42 p.m.•48 views

CVE-2026-44660 UltraJSON: Memory Leak in ujson.dump() on Write Failure

8.7CVSS0.00421EPSS

CVE•added 2026/05/27 8:42 p.m.•24 views

CVE-2026-44660

Summary of CVE-2026-44660 : UltraJSON’s ujson.dump() to a file-like object can leak memory if the underlying write() raises an exception. The root cause is that the temporary JSON string created during objToJSONFile() is not decremented on early return, causing memory growth proportional to the p...

Exploits1References3Affected Software1

Debian CVE•added 2026/05/27 8:42 p.m.•7 views

CVE-2026-44660

CNNVD•added 2026/05/27 12:0 a.m.•8 views

Exploits1

UltraJSON 安全漏洞

UltraJSON is an open-source, ultra-fast JSON encoder and decoder written in pure C language, and compatible with Python 3.7+. Versions of UltraJSON prior to 5.12.1 contained a security vulnerability. This vulnerability occurred when writing object-like data to a file using ujson.dump, where an...